ATTORNEY'S DOCI^h W PATENT 

062891.0240 09/241,823 



IN THE CLAIMS 

For the convenience of the Examiner, Applicant has reproduced all of the pending 
claims below whether amended or not. Please refer to Attachment A for a marked-up version 
of the amended claims. 

Claims 1 to 8 have been previously cancelled without prejudice or disclaimer. 

1/ " ~ " ~ 

9. (Previously Amended) A ynethod for updating a first version of a 
program operating at a network site, comprisir 

in response to an automated event, automatically downloading from a remote site any 
update for the program; 

automatically installing a downloaded update to generate a second version of the 
program; jj 

after installation of the downloaded update, automatically determining whether the 
second version of the program is operating correctly; 

in response to correct operation oa/the second version, operating the second version of 
the program in place of the first version/at the network site; and 

in response to incorrect operation of the second version, automatically restoring the 
first version of the program for operation at the network site. 
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(Amended Twice) A method for updating a first version of a program 



operating at a network site, comprising: 

in response to an automated event, automatically downloading from a remote site any 

update for the program; 

installing a downloaded update to generate a second version of the program; and 
operating the second version of the program in place of the first version at the 

network site; 

automatically distributing the downloaded update to a disparate network site operating 
the first version of the program; 

automatically installing the downloaded update to generate the second version of the 
program at the disparate network site; and 

automatically operating the second version of the program in place of the first version 
at the disparate network site. 
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(Amended Twice) A method for updating a first version of a program 
operating at a network site, comprising: 

in response to an automated event, automatically downloading from a remote site any 
update for the program; 

installing a downloaded update to generate a second version of the program; 
after installation of the downloaded update, automatically determining whether the 
second version of the program is operating correctly at the network site; 

in response to incorrect operation of the second version, automatically restoring the 
first version of the program for operation at the network site; and 

in response to correct operation of the second version at the network site: 

automatically distributing the downloaded update to a disparate network site 
operating the first version of the program; 

automatically installing the downloaded update to generate the second version 
of the program at the disparate network site; and 

automatically operating the second version of the program in place of the first 
version at the disparate network site. 
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' (Amended Twice) A method for updating a first version of a program 
operating at a network site, comprising: 

in response to an automated event, automatically downloading from a remote site any 
update for the program; 

automatically installing a downloaded update to generate a second version of the 
program; and 

operating the second version of the program in place of the first version at the 
network site; 

broadcasting over a network an update message; 

receiving in response to the update message a request for the downloaded update from 
each of a plurality of disparate network sites operating the first version of the program; 

automatically distributing the downloaded update to the disparate network sites 
requesting the downloaded update; 

automatically installing the downloaded update to generate the second version of the 
program at each of the disparate network sites; and 

automatically operating the second version of the program in place of the first version 
at each of the disparate network sites. 



13. The method of Claim 12, further comprising: 
receiving a recovery event at one of the network sites; 

automatically restoring the first version of the program at the network site at which 

the recovery event was received; 

broadcasting a recovery message from the network site over the network; and 
automatically restoring the fi/st version of the program at each of the remaining 

network sites operating the second version of the program. 



Claims 14 to 21 have been previously cancelled without prejudice or disclaimer. 
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22. (Previously Amended) An intrusion detection system^comprising: 

a private network including a plurality of sites connected to a public network, each 

site including an intrusion detection sensor operating with a first set of intrusion detection 

signatures; and 

each of the intrusion detection senses. operable to automatically download from a 
remote site any update for the intrusiprfaetection signatures in response to a specified event, 
to automatically install a downlp^cled update to generate a second set of intrusion detection 
signatures, to operate wijfcn the" second set of intrusion detection signatures, and to 
automatically distribuj^he'downloaded update to the remaining intrusion detection sensors 
for installation. 



23. The system of Claim 22, wherein the specified event is an automated event. 

24. The system of Claim 23, wherein the automated event is a timed event. 

S 

s 

25. Previously cancelled without prejudice or disclaimer. 



(j ^6. (Amended) The method of Claim ^V^wherein the recovery event occurs in 
response to incorrect operation of the second version of the program. 
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